[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RESPONDER_LIFETIME message format query

To: Derrell Piper <ddp@network-alchemy.com>
Subject: RESPONDER_LIFETIME message format query
From: "C. Harald Koch" <chk@utcc.utoronto.ca>
Date: Mon, 4 May 1998 15:45:49 -0400
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com

The DOI says:

4.6.3.1 RESPONDER-LIFETIME
 
   The RESPONDER-LIFETIME status message may be used to communicate the
   IPSEC SA lifetime chosen by the responder.
 
   When present, the Notification Payload MUST have the following
   format:
 
     o  Payload Length - set to length of payload + size of data (var)
     o  DOI - set to IPSEC DOI (1)
     o  Protocol ID - set to selected Protocol ID from chosen SA
>>>> o  SPI Size - set to sixteen (16) (two eight-octet ISAKMP cookies)
     o  Notify Message Type - set to RESPONDER-LIFETIME (Section 4.6.3)
>>>> o  SPI - set to the two ISAKMP cookies
     o  Notification Data - contains an ISAKMP attribute list with the
        responder's actual SA lifetime(s)


Why is the SPI here the ISAKMP SPI? Shouldn't it be the ISAKMP SPI iff the
lifetime in question is the Phase1 lifetime being 'adjusted', and the IPSEC
SPI iff the lifetime in question is the Phase2 lifetime?

Confused,

-- 
Harald Koch
<chk@utcc.utoronto.ca>

Prev by Date: Re: (IPng 5744) Re: [Karen Seo: Thomas Narten -- clarification, etc.]
Next by Date: Re: (IPng 5759) Re: [Karen Seo: Thomas Narten -- clarification,etc.]
Prev by thread: Re: low-end IPSEC boxes?
Next by thread: RE: IPSEC standardization status
Index(es):
- Main
- Thread